<?php
defined("_ENTRY_") or die("Restricted Access!");
defined("_ADMIN_") or header("Location:login.php");	// only admin-entry

//var_dump($_POST);
$user = get_session_user();

if(!isset($_POST['new_password']) || !isset($_POST['user_password']) || !isset($_POST['repeat_password']))
{
	$_SESSION['error'] = "Parametri mancanti: completare tutti i campi";
	header("location: admin.php?option=change_password");
}

$oldpw = $_POST['user_password'];
$newpw = $_POST['new_password'];
$repeatpw = $_POST['repeat_password'];

if(strcmp($newpw, $repeatpw) != 0)
{
	$_SESSION['error'] = "La nuova password deve essere uguale a quella reinserita";
	header("location: admin.php?option=change_password");
}
//echo "Cambio password:";
try
{
	$user->setPassword(md5($oldpw), md5($newpw));
	$_SESSION['message'] = "La nuova password e' stata impostata correttamente";
	header("location: admin.php?option=change_password");
}
catch (Exception $e)
{
	 $_SESSION['error'] = $e->getMessage();
	header("location: admin.php?option=change_password");
	//echo $e->getMessage();
}

?>